Random thought: have you tried adjusting MTU?
Depending on the client/application, I have better luck with something around 1300.

-------------------------------------------
Matthew Poletiek
303.810.9082
[email protected]
www.matthewpoletiek.com

On Fri, Mar 19, 2021 at 9:09 AM Ashish <[email protected]> wrote:
>
>
> [apologies, in case you receive duplicate messages]
>
> Hi,
>
> I'm running if_wg kernel module (git revision: 5ef4d3efa691e71) on
> FreeBSD 13.0-RC2.
>
> With 172.18.10.1 being my local host's wireguard interface's IP address,
> I can receive SYN packets, but it does not seem to send any
> corresponding SYN/ACK.
>
> =========================
> 01:26:26.327484 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223949166 ecr 0,nop,wscale 7], length 0
> 01:26:42.708175 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223965550 ecr 0,nop,wscale 7], length 0
> 01:27:14.964162 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223997806 ecr 0,nop,wscale 7], length 0
>
>
> 01:28:34.035384 IP 172.18.10.2.41905 > 172.18.10.1.22: Flags [S], seq 2569759726, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 3991744006 ecr 0], length 0
> 01:28:34.035392 IP 172.18.10.2.41905 > 172.18.10.1.22: Flags [S], seq 2569759726, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 3991745042 ecr 0], length 0
> 01:28:34.036002 IP 172.18.10.2.41905 > 172.18.10.1.22: Flags [S], seq 2569759726, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 3991747129 ecr 0], length 0
> =========================
>
> ICMP works fine:
>
> =========================
> 01:53:15.638529 IP 172.18.10.2 > 172.18.10.1: ICMP echo request, id 47881, seq 0, length 64
> 01:53:15.638535 IP 172.18.10.1 > 172.18.10.2: ICMP echo reply, id 47881, seq 0, length 64
> 01:53:16.624443 IP 172.18.10.2 > 172.18.10.1: ICMP echo request, id 47881, seq 1, length 64
> 01:53:16.624448 IP 172.18.10.1 > 172.18.10.2: ICMP echo reply, id 47881, seq 1, length 64
> 01:53:17.672109 IP 172.18.10.2 > 172.18.10.1: ICMP echo request, id 47881, seq 2, length 64
> 01:53:17.672115 IP 172.18.10.1 > 172.18.10.2: ICMP echo reply, id 47881, seq 2, length 64
> 01:53:18.676223 IP 172.18.10.2 > 172.18.10.1: ICMP echo request, id 47881, seq 3, length 64
> 01:53:18.676230 IP 172.18.10.1 > 172.18.10.2: ICMP echo reply, id 47881, seq 3, length 64
> 01:53:19.682131 IP 172.18.10.2 > 172.18.10.1: ICMP echo request, id 47881, seq 4, length 64
> 01:53:19.682136 IP 172.18.10.1 > 172.18.10.2: ICMP echo reply, id 47881, seq 4, length 64
> =========================
>
> And I can make outbound TCP connections:
>
> =========================
> 01:50:43.267331 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [S], seq 2119392003, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 1918472905 ecr 0], length 0
> 01:50:43.415524 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [S.], seq 2602046635, ack 2119392004, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 1347987709 ecr 1918472905], length 0
> 01:50:43.415532 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [.], ack 1, win 33, options [nop,nop,TS val 1918473053 ecr 1347987709], length 0
> 01:50:43.415613 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [P.], seq 1:31, ack 1, win 33, options [nop,nop,TS val 1918473053 ecr 1347987709], length 30
> 01:50:43.614035 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [P.], seq 1:39, ack 31, win 33, options [nop,nop,TS val 1347987870 ecr 1918473053], length 38
> 01:50:43.653218 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [.], ack 39, win 33, options [nop,nop,TS val 1918473291 ecr 1347987870], length 0
> 01:50:43.693420 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [P.], seq 31:1055, ack 39, win 33, options [nop,nop,TS val 1918473331 ecr 1347987870], length 1024
> 01:50:43.693435 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [P.], seq 1055:1543, ack 39, win 33, options [nop,nop,TS val 1918473331 ecr 1347987870], length 488
> 01:50:43.818391 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [P.], seq 39:1119, ack 31, win 33, options [nop,nop,TS val 1347988093 ecr 1918473291], length 1080
> 01:50:43.819870 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [P.], seq 1543:1591, ack 1119, win 33, options [nop,nop,TS val 1918473457 ecr 1347988093], length 48
> 01:50:43.880995 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [.], ack 1543, win 33, options [nop,nop,TS val 1347988163 ecr 1918473331], length 0
> 01:50:43.991756 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [P.], seq 1119:1571, ack 1591, win 33, options [nop,nop,TS val 1347988277 ecr 1918473457], length 452
> =========================
>
> The tunnel is configured using `wg-quick'. The firewalls are unloaded
> for this testing. I have made sure to delete the if_wg.ko shipped with
> FreeBSD, and rebooted the host before trying this.
>
> And of course, if I switch to userspace Go implementation, everything
> works as expected, keeping rest of the configuration same, and with
> firewalls enabled.
>
> Thanks!
> --
> Ashish
>
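
Added example, not part of the original messages: a Python function that scans tcpdump text output in the format quoted above and lists each SYN that never received a matching SYN/ACK, with its retransmission count and the MTU implied by the advertised MSS. The function name and result keys are choices made for this example, the inline sample reuses records from the thread, and the MTU figure assumes IPv4 without IP options.

```python
import re

# Inline sample input: records taken from the tcpdump output quoted in the thread
# (one unanswered inbound SYN series, plus the start of the working outbound handshake).
SAMPLE = """\
01:26:26.327484 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223949166 ecr 0,nop,wscale 7], length 0
01:26:42.708175 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223965550 ecr 0,nop,wscale 7], length 0
01:27:14.964162 IP 172.18.10.3.34160 > 172.18.10.1.22: Flags [S], seq 1278197331, win 64860, options [mss 1380,sackOK,TS val 223997806 ecr 0,nop,wscale 7], length 0
01:50:43.267331 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [S], seq 2119392003, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 1918472905 ecr 0], length 0
01:50:43.415524 IP 172.18.10.2.22 > 172.18.10.1.55541: Flags [S.], seq 2602046635, ack 2119392004, win 65535, options [mss 1380,nop,wscale 11,sackOK,TS val 1347987709 ecr 1918472905], length 0
01:50:43.415532 IP 172.18.10.1.55541 > 172.18.10.2.22: Flags [.], ack 1, win 33, options [nop,nop,TS val 1918473053 ecr 1347987709], length 0
"""

# timestamp, src, dst, flags, absolute seq, optional ack (present on SYN/ACK)
REC = re.compile(r"(\S+) IP (\S+) > (\S+): Flags \[([^\]]+)\], seq (\d+)(?:, ack (\d+))?")
MSS = re.compile(r"\bmss (\d+)")


def unanswered_syns(text):
    """Return one dict per SYN (client, server, seq) with no matching SYN/ACK."""
    pending = {}  # (client, server, seq) -> result dict; dicts keep insertion order
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quote markers
        m = REC.match(line)
        if not m:
            continue  # pure ACKs, ICMP and anything else are not needed here
        ts, src, dst, flags, seq, ack = m.groups()
        if flags == "S":
            mss = MSS.search(line)
            entry = pending.setdefault((src, dst, int(seq)), {
                "client": src, "server": dst, "first_seen": ts, "syn_count": 0,
                "mss": int(mss.group(1)) if mss else None})
            entry["syn_count"] += 1  # same seq seen again = retransmitted SYN
        elif flags == "S." and ack is not None:
            # A SYN/ACK acknowledges the client's seq + 1 (mod 2**32).
            pending.pop((dst, src, (int(ack) - 1) % 2**32), None)
    for entry in pending.values():
        # Assumption: IPv4, no IP options -> 20-byte IP + 20-byte TCP header.
        entry["implied_ipv4_mtu"] = entry["mss"] + 40 if entry["mss"] else None
    return list(pending.values())


if __name__ == "__main__":
    for row in unanswered_syns(SAMPLE):
        print(row)
```
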
